chore(deps): bump github.com/open-policy-agent/opa from 1.12.3 to 1.13.1 in /policy/opa in the opa-deps group #69
Security Issues Found
Found 1 security issue that requires attention
Details
Kusari Analysis Results:
Caution
Flagged Issues Detected
These changes contain flagged issues that may introduce security risks.
While the OPA dependency upgrade from v1.12.3 to v1.13.1 is safe with no vulnerabilities in the updated packages themselves, this PR cannot be merged due to 3 critical vulnerabilities in the Go standard library (v1.25.5). The affected components include crypto/tls (CVE-2025-68121: unexpected session resumption, CVE-2025-61730: handshake messages at incorrect encryption level) and net/url (CVE-2025-61726: memory exhaustion in query parsing). These vulnerabilities directly compromise secure communications and system stability. Action required: Update the Go version in go.mod to a patched release that addresses GO-2026-4337, GO-2026-4340, and GO-2026-4341, then run 'go mod tidy'. The OPA upgrade itself is sound and should be retained once the Go stdlib is patched.
Required Code Mitigations
Update the Go version to address the three critical vulnerabilities in the standard library. The current version (v1.25.5) has known security issues in crypto/tls and net/url packages. Upgrade to the latest patched Go version that addresses CVE-2025-68121, CVE-2025-61730, and CVE-2025-61726.
- Potential Code Fix:
Update the go directive in go.mod to use a patched version of Go that addresses these vulnerabilities, then run 'go mod tidy' to update dependencies.
Commit: bee6373, performed at: 2026-02-09T10:13:31Z